package morpho.etis.android.sdk.deviceauthenticator.client.keymanagement;

import android.content.Context;
import android.content.res.Resources;
import android.provider.Settings;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Calendar;
import java.util.List;
import java.util.Locale;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import morpho.etis.android.sdk.deviceauthenticator.client.utils.Configuration;
import morpho.etis.android.sdk.deviceauthenticator.client.utils.FileManager;
import morpho.etis.android.sdk.deviceauthenticator.client.utils.SP800SecureRandomHelper;
import morpho.etis.deviceauthenticator.exceptions.DeviceAuthenticatorException;
import org.spongycastle.asn1.x500.X500Name;
import org.spongycastle.cert.jcajce.JcaX509CertificateConverter;
import org.spongycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.spongycastle.operator.OperatorCreationException;
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: classes4.dex */
/**
 * Key manager that keeps the device key pair in a software {@link KeyStore}
 * ({@code Configuration.SOFT_KEYSTORE}) serialized through {@link FileManager}.
 *
 * <p>Two files are managed, both named after the constructor's {@code str} argument:
 * {@code <str>.data} holds the serialized keystore and {@code <str>.enc} holds a
 * 16-byte AES key wrapped under the device RSA public key.
 *
 * <p>Review notes on the protection this class provides, based only on the code here:
 * <ul>
 *   <li>The keystore password is the value of the {@code android_id} secure setting.
 *       That value is a device/app identifier, not a secret, so the password adds
 *       little against anyone who can read both the app's files and that identifier.
 *       {@code Settings.Secure.getString} can also return {@code null}, in which case
 *       the {@code toCharArray()} calls in {@link #init(boolean)} and {@link #save()}
 *       throw {@link NullPointerException}. TODO confirm whether callers guard this.</li>
 *   <li>The private-key entry is stored with a {@code null} entry password; what that
 *       means for at-rest protection depends on the keystore type behind
 *       {@code SOFT_KEYSTORE}, which is not visible here.</li>
 *   <li>SHA-1 is used both for the self-signed certificate signature
 *       ({@code SHA1withRSA}) and as the OAEP digest. Moving to SHA-256 would be a
 *       data migration: keys already wrapped in {@code <str>.enc} and any peer that
 *       validates the certificate are affected.</li>
 *   <li>Certificate creation temporarily switches the process-wide default locale;
 *       see {@link #setLocale(Locale)}.</li>
 *   <li>The two {@link Cipher} fields are shared instance state; {@link Cipher} objects
 *       are not safe for concurrent use. NOTE(review): confirm single-threaded access.</li>
 * </ul>
 */
public final class CompatKeyManager extends BaseKeyManager {
    /** Transformation shared by the wrap and unwrap ciphers (RSA-OAEP, SHA-1 digest, MGF1). */
    private static final String KEY_WRAP_TRANSFORMATION = "RSA/None/OAEPWithSHA1AndMGF1Padding";
    /** Signature algorithm of the self-signed device certificate. */
    private static final String CERT_SIGNATURE_ALGORITHM = "SHA1withRSA";
    /** Key-pair algorithm of the device keys. */
    private static final String DEVICE_KEY_ALGORITHM = "RSA";
    /** Algorithm label of the wrapped symmetric key. */
    private static final String ENCRYPTION_KEY_ALGORITHM = "AES";
    /** Secure-settings key read for the keystore password (the value of Settings.Secure.ANDROID_ID). */
    private static final String KEYSTORE_PASSWORD_SETTING = "android_id";
    private static final int RSA_MODULUS_BITS = 2048;
    private static final int ENCRYPTION_KEY_BYTES = 16;
    private static final int IV_BYTES = 12;
    private static final int CERT_VALIDITY_YEARS = 20;

    public final Cipher cipherUnwrap;
    public final Cipher cipherWrap;
    public final String encryptionKeyFileName;
    public final FileManager fileManager;
    public final String keystoreFileName;
    public final String keystorePassword;
    public byte[] wrappedKey;

    /**
     * Creates the manager and derives the two file names and the keystore password.
     *
     * @param context Android context handed to the base class
     * @param str     base name; used for the base class and as the prefix of the
     *                {@code .data} and {@code .enc} files
     * @throws DeviceAuthenticatorException if the RSA-OAEP transformation is unavailable
     * @throws KeyStoreException            if the software keystore type is unavailable
     */
    public CompatKeyManager(Context context, String str) throws DeviceAuthenticatorException, KeyStoreException {
        super(context, str, KeyStore.getInstance(Configuration.SOFT_KEYSTORE));
        this.fileManager = new FileManager(this.ctx);
        this.keystoreFileName = str + ".data";
        // NOTE(review): an identifier, not a secret, is used as the keystore password.
        this.keystorePassword = Settings.Secure.getString(this.ctx.getContentResolver(), KEYSTORE_PASSWORD_SETTING);
        this.encryptionKeyFileName = str + ".enc";
        this.cipherWrap = newKeyWrapCipher();
        this.cipherUnwrap = newKeyWrapCipher();
    }

    /** Instantiates one RSA-OAEP cipher, translating provider errors to the SDK exception. */
    private static Cipher newKeyWrapCipher() throws DeviceAuthenticatorException {
        try {
            return Cipher.getInstance(KEY_WRAP_TRANSFORMATION);
        } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    /**
     * Produces 16 random bytes from {@link SP800SecureRandomHelper}.
     *
     * @return a new 16-byte array of key material
     */
    public static byte[] createRandomKey() {
        byte[] keyMaterial = new byte[ENCRYPTION_KEY_BYTES];
        SP800SecureRandomHelper.nextRandomBytes(keyMaterial);
        return keyMaterial;
    }

    /**
     * Generates a 2048-bit RSA key pair with public exponent F4.
     *
     * <p>No random source is passed to the generator, so the provider default is used
     * rather than {@link SP800SecureRandomHelper}.
     *
     * @return the new key pair
     * @throws DeviceAuthenticatorException if RSA or the parameter spec is rejected
     */
    public static KeyPair generateRsaKeyPair() throws DeviceAuthenticatorException {
        try {
            KeyPairGenerator rsaGenerator = KeyPairGenerator.getInstance(DEVICE_KEY_ALGORITHM);
            rsaGenerator.initialize(new RSAKeyGenParameterSpec(RSA_MODULUS_BITS, RSAKeyGenParameterSpec.F4));
            return rsaGenerator.generateKeyPair();
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate for the given key pair.
     *
     * <p>Issuer and subject are both {@code CN=<str>, O=<X509_ORGANIZATION>}, the serial
     * number is always 1, validity runs from now for 20 years, and the signature
     * algorithm is {@code SHA1withRSA}. The default locale is forced to English for the
     * duration of the build and restored afterwards, even on failure.
     *
     * @param str        common name placed in the distinguished name
     * @param publicKey  key certified by the certificate
     * @param privateKey key used to sign it
     * @return the self-signed certificate
     * @throws DeviceAuthenticatorException if signing or conversion fails
     */
    public final X509Certificate createUserDeviceCert(String str, PublicKey publicKey, PrivateKey privateKey) throws DeviceAuthenticatorException {
        // NOTE(review): str is interpolated into the DN without escaping; confirm it can
        // never contain DN metacharacters such as ',' or '='.
        String distinguishedName = String.format("CN=%s, O=%s", str, Configuration.X509_ORGANIZATION);
        Calendar validFrom = Calendar.getInstance();
        Calendar validUntil = Calendar.getInstance();
        validUntil.add(Calendar.YEAR, CERT_VALIDITY_YEARS);
        Locale previousLocale = Locale.getDefault();
        // Presumably a workaround for locale-sensitive formatting inside the certificate
        // builder; the reason is not visible in this file. TODO confirm.
        setFakeEnglishLocale();
        try {
            JcaX509CertificateConverter converter = new JcaX509CertificateConverter();
            JcaX509v3CertificateBuilder certBuilder = new JcaX509v3CertificateBuilder(
                    new X500Name(distinguishedName),
                    BigInteger.ONE,
                    validFrom.getTime(),
                    validUntil.getTime(),
                    new X500Name(distinguishedName),
                    publicKey);
            return converter.getCertificate(
                    certBuilder.build(new JcaContentSignerBuilder(CERT_SIGNATURE_ALGORITHM).build(privateKey)));
        } catch (CertificateException | OperatorCreationException e) {
            throw new DeviceAuthenticatorException(e);
        } finally {
            setLocale(previousLocale);
        }
    }

    /**
     * Creates a fresh device key pair, stores it with its self-signed certificate under
     * the device alias, arms both ciphers with it and generates a new wrapped AES key.
     *
     * <p>The keystore entry is only added in memory here; {@link #save()} writes it out.
     *
     * @throws DeviceAuthenticatorException on any key, cipher or file failure
     */
    @Override
    public void generateDeviceKeys() throws DeviceAuthenticatorException {
        KeyPair freshPair = generateRsaKeyPair();
        PublicKey freshPublic = freshPair.getPublic();
        PrivateKey freshPrivate = freshPair.getPrivate();
        X509Certificate selfSigned = createUserDeviceCert(this.deviceKeysAlias, freshPublic, freshPrivate);
        store(this.deviceKeysAlias, selfSigned, freshPrivate);
        this.devicePublicKey = freshPublic;
        this.devicePrivateKey = freshPrivate;
        try {
            this.cipherWrap.init(Cipher.WRAP_MODE, freshPublic);
            this.cipherUnwrap.init(Cipher.UNWRAP_MODE, this.devicePrivateKey);
            this.encryptionKey = generateEncryptionKey();
        } catch (IOException | InvalidKeyException | IllegalBlockSizeException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    /**
     * Creates a random AES key, writes its RSA-wrapped form to the {@code .enc} file and
     * returns the plain key.
     *
     * <p>{@link #wrappedKey} is not updated here; it is only populated by
     * {@link #init(boolean)} when loading existing files.
     *
     * @return the new, unwrapped AES key
     * @throws InvalidKeyException       if the wrap cipher rejects the key
     * @throws IllegalBlockSizeException if wrapping fails
     * @throws IOException               if the wrapped key cannot be written
     */
    public final SecretKey generateEncryptionKey() throws InvalidKeyException, IllegalBlockSizeException, IOException {
        SecretKeySpec aesKey = new SecretKeySpec(createRandomKey(), ENCRYPTION_KEY_ALGORITHM);
        byte[] wrapped = this.cipherWrap.wrap(aesKey);
        this.fileManager.updateFile(wrapped, this.encryptionKeyFileName);
        return aesKey;
    }

    /**
     * Returns an IV spec over 12 freshly generated random bytes.
     *
     * <p>NOTE(review): the cipher mode consuming this IV is defined outside this class;
     * if it is a nonce-based mode, uniqueness per key is what matters. Confirm.
     */
    @Override
    public AlgorithmParameterSpec getAlgorithmParameterSpec() {
        byte[] iv = new byte[IV_BYTES];
        SP800SecureRandomHelper.nextRandomBytes(iv);
        return new IvParameterSpec(iv);
    }

    /**
     * Wraps caller-supplied IV bytes in an {@link IvParameterSpec}; the length is not checked here.
     *
     * @param bArr IV bytes
     */
    @Override
    public AlgorithmParameterSpec getAlgorithmParameterSpec(byte[] bArr) {
        return new IvParameterSpec(bArr);
    }

    /**
     * Prepares the keystore, either from scratch or from the persisted files.
     *
     * @param z {@code true} to delete both files and start with an empty keystore;
     *          {@code false} to load the keystore file and read the wrapped key file
     */
    @Override
    public void init(boolean z) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        if (z) {
            this.fileManager.deleteFile(this.keystoreFileName);
            this.fileManager.deleteFile(this.encryptionKeyFileName);
            this.ks.load(null);
            return;
        }
        byte[] keystoreBytes = this.fileManager.readBinaryFile(this.keystoreFileName);
        this.ks.load(new ByteArrayInputStream(keystoreBytes), this.keystorePassword.toCharArray());
        this.wrappedKey = this.fileManager.readBinaryFile(this.encryptionKeyFileName);
    }

    /**
     * Unwraps {@link #wrappedKey} with the device private key into an AES secret key.
     *
     * @return the unwrapped AES key
     */
    public final SecretKey loadEncryptionKey() throws InvalidKeyException, NoSuchAlgorithmException {
        return (SecretKey) this.cipherUnwrap.unwrap(this.wrappedKey, ENCRYPTION_KEY_ALGORITHM, Cipher.SECRET_KEY);
    }

    /**
     * Lets the base class load its keys, then arms both ciphers with the device key
     * pair and recovers the AES key from {@link #wrappedKey}.
     */
    @Override
    public void loadKeys(List<String> list) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException, InvalidKeyException {
        super.loadKeys(list);
        this.cipherWrap.init(Cipher.WRAP_MODE, this.devicePublicKey);
        this.cipherUnwrap.init(Cipher.UNWRAP_MODE, this.devicePrivateKey);
        this.encryptionKey = loadEncryptionKey();
    }

    /**
     * Serializes the keystore under {@link #keystorePassword} and writes it to the
     * {@code .data} file.
     *
     * @throws DeviceAuthenticatorException if serialization or the file write fails
     */
    @Override
    public void save() throws DeviceAuthenticatorException {
        ByteArrayOutputStream serialized = new ByteArrayOutputStream();
        try {
            this.ks.store(serialized, this.keystorePassword.toCharArray());
            this.fileManager.updateFile(serialized.toByteArray(), this.keystoreFileName);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    /** Switches the default locale to English; see {@link #setLocale(Locale)}. */
    public final void setFakeEnglishLocale() {
        setLocale(Locale.ENGLISH);
    }

    /**
     * Sets the JVM default locale and pushes the same locale into the context's
     * resource configuration.
     *
     * <p>Both changes are process-wide: other threads and UI code see the new locale
     * until it is set back.
     *
     * @param locale locale to install
     */
    public final void setLocale(Locale locale) {
        Locale.setDefault(locale);
        Resources appResources = this.ctx.getResources();
        android.content.res.Configuration resourceConfig = appResources.getConfiguration();
        resourceConfig.locale = locale;
        appResources.updateConfiguration(resourceConfig, appResources.getDisplayMetrics());
    }

    /**
     * Adds an entry to the in-memory keystore: a key entry when a private key is
     * given, otherwise a certificate-only entry.
     *
     * @param str         alias of the entry
     * @param certificate certificate to store (sole chain element for key entries)
     * @param privateKey  private key, or {@code null} for a certificate-only entry
     * @throws DeviceAuthenticatorException if the keystore rejects the entry
     */
    public final void store(String str, Certificate certificate, PrivateKey privateKey) throws DeviceAuthenticatorException {
        try {
            if (privateKey == null) {
                this.ks.setCertificateEntry(str, certificate);
                return;
            }
            // NOTE(review): null entry password; per-entry protection depends on the keystore type.
            this.ks.setKeyEntry(str, privateKey, null, new Certificate[]{certificate});
        } catch (KeyStoreException e) {
            throw new DeviceAuthenticatorException(e);
        }
    }

    /**
     * Stores the server certificate as a certificate-only entry under the server alias.
     *
     * @param certificate server certificate to keep
     */
    @Override
    public void storeServerCertificate(Certificate certificate) throws DeviceAuthenticatorException {
        store(this.serverCertificateAlias, certificate, null);
    }
}
